firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...

Important: firefox

Issue Overview: Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...

Important: firefox

Issue Overview: Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...

RHEL 8 : thunderbird (RHSA-2025:22791)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22791 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component...

AlmaLinux 8 : firefox (ALSA-2025:22363)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:22363 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

OPENSUSE-SU-2025-20135-1 Security update for mozjs128

This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...

SUSE-SU-2025:21170-1 Security update for mozjs128

This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...

RHEL 8 : firefox (RHSA-2025:22363)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22363 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 7 : firefox (RHSA-2025:22371)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22371 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RockyLinux 9 : firefox (RLSA-2025:21280)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21280 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...

RHEL 9 : firefox (RHSA-2025:22375)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22375 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

MCP TypeScript SDK 安全漏洞

MCP TypeScript SDK is a Model Context Protocol open source developer toolkit for Model Context Protocol servers and clients. A security vulnerability exists in MCP TypeScript SDK versions prior to 1.24.0 that stems from not enabling DNS rebinding protection by default, which could lead to bypassi...

Model Context Protocol Python SDK 安全漏洞

Model Context Protocol Python SDK is a Model Context Protocol open source development tool for Model Context Protocol servers and clients. A security vulnerability exists in the Model Context Protocol Python SDK prior to version 1.23.0, which stems from the fact that DNS rebinding protection is n...

firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component...

firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...

firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component...

firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component...